Medium 5.9
2026-03-10
WordPress <= 6.9.1 - Authenticated (Author+) XML External Entity Injection via getID3 Library Media Upload
WordPress 5.2.9 Vulnerabilities
Vulnerabilities 73
Medium 5.4
2024-10-16
CVE-2022-4973
Medium 5.0
2024-06-25
CVE-2024-32111
N/A
2024-06-25
WordPress is vulnerable to Cross Site Scripting (XSS)
Medium 5.3
2024-04-05
CVE-2023-5692
High 8.8
2024-04-04
CVE-2024-31210
Medium 5.3
2023-10-16
CVE-2023-5561
Medium 4.3
2023-10-13
CVE-2023-39999
N/A
2023-10-12
WordPress Core 4.7.0-6.3.1 - Denial of Service via Cache Poisoning
N/A
2023-10-12
WordPress Core < 6.3.2 – Authenticated (Subscriber+) Arbitrary Shortcode Execution via parse-media-shortcode
N/A
2023-05-19
WordPress Core < 6.2.1 - Shortcode Execution in User Generated Content
Medium 5.4
2023-05-17
CVE-2023-2745
N/A
2023-05-17
WordPress <= 6.2 is vulnerable to Directory Traversal
N/A
2023-05-17
WordPress <= 6.2 is vulnerable to Cross Site Scripting (XSS)
N/A
2023-05-17
WordPress <= 6.2 is vulnerable to Cross Site Request Forgery (CSRF)
N/A
2023-05-16
WordPress Core < 6.2.1 - Cross-Site Request Forgery
N/A
2023-05-16
WordPress Core < 6.2.1 - Insufficient Sanitization of Block Attributes
N/A
2023-05-16
WordPress Core < 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Embed Discovery
Medium 5.9
2022-12-14
CVE-2022-3590
Medium 5.3
2022-12-05
CVE-2022-43504
Medium 6.1
2022-12-05
CVE-2022-43500
Medium 6.1
2022-12-05
CVE-2022-43497
N/A
2022-11-08
Multiple vulnerabilities in WordPress
N/A
2022-10-18
WordPress core <= 6.0.2 - Data Exposure vulnerability via REST API
N/A
2022-10-18
WordPress core <= 6.0.2 - Sender’s Email Address Exposure vulnerability
N/A
2022-10-18
WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability
N/A
2022-10-18
WordPress core <= 6.0.2 - Cross-Site Scripting (XSS) vulnerability
N/A
2022-10-18
WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability
N/A
2022-10-18
WordPress core <= 6.0.2 - Reflected Cross-Site Scripting (XSS) vulnerability
N/A
2022-10-18
WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability in Comment editing
N/A
2022-10-18
WordPress core <= 6.0.2 - Cross-Site Scripting (XSS) vulnerability
N/A
2022-10-18
WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability
N/A
2022-10-18
WordPress core <= 6.0.2 - Cross-Site Scripting (XSS) vulnerability
N/A
2022-10-18
WordPress core <= 6.0.2 - SQL Injection (SQLi) vulnerability
N/A
2022-10-18
WordPress core <= 6.0.2 - Content From Multipart Emails Leak vulnerability
N/A
2022-10-18
WordPress core <= 6.0.2 - Cross-Site Request Forgery (CSRF) vulnerability in wp-trackback.php
N/A
2022-10-18
WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability
N/A
2022-10-18
WordPress core <= 6.0.2 - Open redirect vulnerability
N/A
2022-10-18
WordPress Core < 6.0.3 - Shared User Instance Weakness
N/A
2022-10-18
WordPress Core < 6.0.3 - Open Redirect
N/A
2022-10-18
WordPress Core < 6.0.3 - Information Disclosure (Multi-Part Email Leak)
N/A
2022-10-18
WordPress Core < 6.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Customizer
N/A
2022-10-18
WordPress Core < 6.0.3 - Authenticated Information Disclosure via REST-API
N/A
2022-10-18
WordPress Core < 6.0.3 - Reflected Cross-Site Scripting via SQL Injection
N/A
2022-10-18
WordPress Core < 6.0.3 - Cross-Site Request Forgery via wp-trackback.php
N/A
2022-10-18
WordPress Core < 6.0.3 - Information Disclosure (Email Address)
N/A
2022-10-18
WordPress Core < 6.0.3 - Authenticated (Editor+) Stored Cross-Site Scripting via Comments
N/A
2022-10-18
WordPress Core < 6.0.3 - SQL Injection via WP_Date_Query
N/A
2022-08-31
WordPress <= 6.0.1 - Authenticated Cross-Site Scripting (XSS) vulnerability
N/A
2022-08-31
WordPress <= 6.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
N/A
2022-08-31
WordPress <= 6.0.1 - Authenticated SQL Injection (SQLi) vulnerability via Link API
N/A
2022-08-30
WordPress Core < 6.0.2 - Authenticated SQL Injection
N/A
2022-08-30
WordPress Core < 6.0.2 - Stored Cross-Site Scripting via Plugin Deactivation and Deletion Errors
N/A
2022-08-30
WordPress Core < 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via use of the_meta(); function
N/A
2022-03-11
WordPress <= 5.9.1 - Stored Cross-Site Scripting (XSS) vulnerability
N/A
2022-03-11
WordPress Core 5.9 - 5.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
N/A
2022-03-11
WordPress Core < 5.9.1 - jQuery Prototype Pollution
Medium 5.4
2022-01-06
CVE-2022-21662
High 7.2
2022-01-06
CVE-2022-21663
High 8.8
2022-01-06
CVE-2022-21664
Critical 9.8
2021-11-25
CVE-2021-44223
N/A
2021-11-10
WordPress core <= 5.8.1 - Expired DST Root CA X3 Certificate issue
N/A
2021-11-10
WordPress Core < 5.8.2 - ca-bundle.crt contains expired certificate DST Root CA X3
Medium 5.3
2021-09-09
CVE-2021-39200
Medium 5.4
2021-09-09
CVE-2021-39201
N/A
2021-09-09
WordPress core <= 5.8 - Command injection vulnerability in the Lodash library
High 7.4
2021-09-09
WordPress Core < 5.8.1 - LoDash Update
N/A
2021-05-13
WordPress <= 5.7.1 - Object injection in PHPMailer vulnerability
Critical 9.8
2021-04-28
CVE-2020-36326
High 8.8
2021-04-23
CVE-2021-20083
Medium 4.3
2021-04-15
CVE-2021-29450
N/A
2021-04-15
WordPress core 4.7-5.7 - Sensitive Data Exposure vulnerability
High 7.2
2018-08-10
CVE-2018-14028